CVE-2008-5250

EPSS 0.35%
Published 19.12.2008 17:30:03
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Mediawiki ≫ Mediawiki Version1.6.11

Mediawiki ≫ Mediawiki Version1.12.0

Mediawiki ≫ Mediawiki Version1.12.1

Mediawiki ≫ Mediawiki Version1.13.0

Mediawiki ≫ Mediawiki Version1.13.1

Mediawiki ≫ Mediawiki Version1.13.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.57

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html

Patch

Vendor Advisory

http://secunia.com/advisories/33133

Patch

Vendor Advisory

http://secunia.com/advisories/33349

http://www.debian.org/security/2009/dsa-1901

http://www.securityfocus.com/bid/32844

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01256.html

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01309.html

https://nvd.nist.gov/vuln/detail/CVE-2008-5250

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5250

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5250

EUVD